
Consumers Targeted with GDPR Phishing Scams

The approaching May 25, 2018 deadline for GDPR compliance has businesses hurrying to update their privacy policies, while cyber criminals are capitalizing on their need to re-consent their databases.

It is very common for scammers to use current event trends as bait for social engineering attacks. People are more likely to be expecting these types of emails and notifications, so they are less suspicious and less cautious.

Recently, cyber attackers sent phishing emails disguised as Airbnb customer support, requesting that customers update their personal information. When the email recipient clicked the link in the email, their personal account and payment information was shared with the hackers.

Be aware! Use these tips for spotting phishing email scams:

  • Watch for fake email addresses! They may look legitimate, but do not use the real domain. For example, they may show @mail.airbnb.work instead of @Airbnb.com.
  • Be aware of inconsistencies in branding such as fonts, colors, or logos.
  • If an email asks you to do something such as click a link or provide personal data, consider first if they have a genuine reason to make such a request. If so, check their website to see if you can complete the process there instead.
  • Be extra careful when checking emails via a smartphone, since they usually provide a condensed screen view, which tends to hide important details such as sender email address.
  • If you think you have been phished, change your passwords immediately across all accounts with the same/similar login details.
  • Be aware that hackers may also try to steal personal data over the phone, so be equally vigilant when receiving unsolicited phone calls and do not provide personal information unless you have made initial contact.
  • Businesses concerned with the risk of phishing should implement multiple email validation and authentication systems designed to prevent email spoofing. They should also conduct regular employee training and introduce proactive network and endpoint monitoring. (Source: https://www.computerweekly.com/news/252440482/Redscan-warns-of-GDPR-phishing-scams)
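
The sender-address tip above can be checked automatically. The following is an added example, not part of the original article: it parses a From header and flags a brand name that appears in the display name or domain when the domain is not on a trusted list. The `TRUSTED` map, the function names and the sample headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: defender-maintained map of brand keyword -> legitimate sender domains.
# "airbnb.com" is the real domain named in the article; extend as needed.
TRUSTED = {"airbnb": {"airbnb.com"}}


def sender_domain(from_header):
    """Return the lowercased domain of the address in a From header, or ''."""
    _name, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower().rstrip(".")


def is_trusted(domain, allowed):
    """True if domain equals an allowed domain or is a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def check_sender(from_header):
    """Classify a From header as 'trusted', 'lookalike' or 'unrelated'."""
    name, _addr = parseaddr(from_header)
    domain = sender_domain(from_header)
    # The display name is what a condensed phone view shows, so check it too.
    text = f"{name} {domain}".lower()
    for brand, allowed in TRUSTED.items():
        if brand in text:
            return "trusted" if is_trusted(domain, allowed) else "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample headers, not taken from a real campaign.
    samples = [
        "Airbnb Support <noreply@mail.airbnb.work>",  # brand under another domain
        "Airbnb <automated@Airbnb.com>",              # real domain, mixed case
        "Airbnb <team@airbnb.com.example.net>",       # real domain used as a prefix
        "Airbnb Support <help@example.org>",          # brand only in display name
        "Bob <bob@example.org>",
    ]
    for header in samples:
        print(f"{check_sender(header):10} {header}")
```

A "trusted" result only means the domain string matches; the email authentication systems mentioned in the last tip are what verify that a message really came from that domain.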

Educating your staff is the first line of security. A simulated phishing test will reveal weak links.
